package com.springSecurity.test.Controller;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;
import java.io.IOException;

@RestController
@RequestMapping("/hello")
public class testController {

    @GetMapping("/{msg}")
    public String Hello(@PathVariable("msg") String msg){
        return "hello:" + msg;
    }

    @GetMapping("/hello")
    @PreAuthorize("hasAuthority('P10')")  //用户权限是P10才能访问
    public String hello(){
        return "hello security";
    }

    @GetMapping("/say")
    @PreAuthorize("hasRole('USER')")  // 必须有USER 的权限才能访问
    public String say(){
        return "say security";
    }
    @GetMapping("/all")
    @PreAuthorize("permitAll()")  // 所有权限都能访问
    public String all(){
        return "say security";
    }
}
